Network Situational Awareness Tools
We have developed and maintain a suite of open source tools for monitoring large-scale networks using flow data. These tools grew out of our work on the AirCERT project, the SiLK project, and the effort to integrate that work into a unified, standards-compliant flow collection and analysis platform. Download the following open source tools from our tools repository. Contact us if you have questions or need more information about our tools.
- Analysis Pipeline processes SiLK Flow records to automate common tasks, get closer to "real-time" reporting of events, and feed data to a SIEM.
- fixbuf provides an implementation of the IPFIX Protocol as a C library, for building IPFIX Collecting and Exporting Processes.
- IPA is an IP address annotation system.
- iSiLK is a graphical front-end for the SiLK tools, designed to work with an existing installation of the SiLK analysis suite.
- netsa-python library is a grab-bag of Python routines and frameworks that we have found helpful when developing analyses using the SiLK toolkit.
- Orcus is a system for analyzing passively-collected DNS information.
- Rayon is a Python library and set of tools for generating basic two-dimensional statistical visualizations.
- SiLK facilitates security analysis of large networks.
- SiLK IPset contains a library and a set of command line tools to build and manipulate IPset files.
- snarf is a distributed alert reporting system.
- super_mediator is an IPFIX mediator for use with the YAF and SiLK tools.
- YAF processes packet data into bidirectional flow records that can be used as input into an IPFIX Collecting Process.
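The tools above share one wire format: YAF and super_mediator export IPFIX, and fixbuf and SiLK's collection side consume it. The following added example (written for this page, not code from fixbuf, YAF, super_mediator or SiLK) shows what an IPFIX Collecting Process has to do to turn an exported message into flow records: read the 16-byte message header, learn a Template Set, and slice the Data Set it describes into records keyed by IANA information element names (RFC 7011/7012). The sample message, its template ID 256, observation domain 1 and the two flows in `SAMPLE_FLOWS` are constructed for the example; only fixed-length, non-enterprise information elements are decoded, and variable-length fields raise rather than being guessed at.

```python
"""Minimal IPFIX (RFC 7011) collector: decode a message carrying a Template Set
and a Data Set into flow records. Added example; not fixbuf/YAF/SiLK code."""
import ipaddress
import struct

IPFIX_VERSION = 10
TEMPLATE_SET_ID = 2
MIN_DATA_SET_ID = 256

# IANA information element IDs (RFC 7012 registry) used by the constructed sample.
IE_NAMES = {
    1: "octetDeltaCount",
    2: "packetDeltaCount",
    4: "protocolIdentifier",
    7: "sourceTransportPort",
    8: "sourceIPv4Address",
    11: "destinationTransportPort",
    12: "destinationIPv4Address",
}
IPV4_IES = {8, 12}

# Constructed sample flows (RFC 5737 documentation addresses), not captured data.
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.5", 51234, 22, 6, 12, 1800),
    ("192.0.2.11", "198.51.100.5", 51240, 22, 6, 3, 240),
]
# Hypothetical template 256: (IE id, length) pairs, in record order.
SAMPLE_TEMPLATE = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (2, 4), (1, 4)]


def build_sample_message(include_template=True, domain=1):
    """Assemble an IPFIX message the way an Exporting Process would (constructed)."""
    body = b""
    if include_template:
        tmpl = struct.pack("!HH", 256, len(SAMPLE_TEMPLATE))
        tmpl += b"".join(struct.pack("!HH", ie, ln) for ie, ln in SAMPLE_TEMPLATE)
        body += struct.pack("!HH", TEMPLATE_SET_ID, 4 + len(tmpl)) + tmpl
    recs = b""
    for sip, dip, sport, dport, proto, pkts, octets in SAMPLE_FLOWS:
        recs += ipaddress.IPv4Address(sip).packed + ipaddress.IPv4Address(dip).packed
        recs += struct.pack("!HHBII", sport, dport, proto, pkts, octets)
    body += struct.pack("!HH", 256, 4 + len(recs)) + recs
    header = struct.pack("!HHIII", IPFIX_VERSION, 16 + len(body), 1700000000, 0, domain)
    return header + body


def parse_template_set(body, domain, templates):
    """Store (domain, template id) -> [(ie, length), ...]; trailing zero bytes are padding."""
    off = 0
    while off + 4 <= len(body):
        tid, count = struct.unpack("!HH", body[off:off + 4])
        if tid < MIN_DATA_SET_ID:  # template IDs are >= 256, so this is padding
            break
        off += 4
        fields = []
        for _ in range(count):
            if off + 4 > len(body):
                raise ValueError("truncated template record")
            ie, ln = struct.unpack("!HH", body[off:off + 4])
            off += 4
            if ie & 0x8000:  # enterprise-specific IE: a 4-byte PEN follows
                if off + 4 > len(body):
                    raise ValueError("truncated enterprise field")
                off += 4
                ie &= 0x7FFF
            if ln == 0xFFFF:
                raise NotImplementedError("variable-length IEs not handled here")
            fields.append((ie, ln))
        templates[(domain, tid)] = fields


def decode_data_set(body, fields):
    """Slice fixed-length records out of a Data Set; a short tail is padding."""
    rec_len = sum(ln for _, ln in fields)
    records, off = [], 0
    while off + rec_len <= len(body):
        rec = {}
        for ie, ln in fields:
            raw = body[off:off + ln]
            off += ln
            name = IE_NAMES.get(ie, f"ie{ie}")
            if ie in IPV4_IES and ln == 4:
                rec[name] = str(ipaddress.IPv4Address(raw))
            else:
                rec[name] = int.from_bytes(raw, "big")
        records.append(rec)
    return records


def parse_message(data, templates):
    """Decode one message; `templates` persists across messages, per observation domain."""
    if len(data) < 16:
        raise ValueError("short header")
    version, length, _export_time, _seq, domain = struct.unpack("!HHIII", data[:16])
    if version != IPFIX_VERSION:
        raise ValueError(f"unexpected version {version}")
    if length != len(data):  # never trust the length field beyond the bytes you hold
        raise ValueError("message length mismatch")
    records, off = [], 16
    while off + 4 <= length:
        set_id, set_len = struct.unpack("!HH", data[off:off + 4])
        if set_len < 4 or off + set_len > length:
            raise ValueError("bad set length")
        body = data[off + 4:off + set_len]
        if set_id == TEMPLATE_SET_ID:
            parse_template_set(body, domain, templates)
        elif set_id >= MIN_DATA_SET_ID:
            fields = templates.get((domain, set_id))
            if fields is not None:  # no template yet: RFC 7011 lets a collector drop or buffer
                records.extend(decode_data_set(body, fields))
        off += set_len  # Options Template Sets (ID 3) and unknown sets are skipped
    return records


if __name__ == "__main__":
    state = {}
    for rec in parse_message(build_sample_message(), state):
        print(rec)
```

Two behaviours worth noting for anyone building or configuring a collector: template state is keyed by observation domain as well as template ID, so a Data Set that arrives before its template (the `include_template=False` case) yields no records rather than garbage, and every length in the header, set and template is checked against the bytes actually held before it is used to index. This is the same discipline fixbuf applies in C, where an unchecked set length would be a memory-safety bug rather than a Python exception.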